Hey everyone,
If you’re new to cybersecurity, it’s really easy to waste months doing “productive” things that do not actually move you closer to getting hired.
A new certification drops, everyone talks about it, and suddenly it feels like that is the missing piece.
So this week, I want to give you a beginner-first take on the new CompTIA SecAI+ cert, and where it actually fits.
The SecAI+ Certification: What Beginners Need to Know
SecAI+ is CompTIA’s attempt to certify skills around securing AI systems and managing AI-related security risks.
Think of it as:
cybersecurity fundamentals + AI risk + how organisations are actually using AI in the real world.
This matters because more companies are rolling out:
Internal copilots and AI assistants
AI features inside security tools
AI governance and compliance requirements
AI workflows connected to sensitive data (HR, finance, customer support)
So even if you never “build AI models,” you may still end up working in environments where AI creates new security and risk problems.
The beginner trap (the honest truth)
Here’s where people get stuck:
A new cert feels like a shortcut. But recruiters do not hire on “interesting” certifications alone.
They hire on:
Proof you can do the basics
Proof you can learn
Proof you can communicate
If you are brand new and you lead with a specialist cert, many hiring managers will still ask:
“Can you troubleshoot networks?”
“Can you explain logs and alerts?”
“Can you investigate and document an incident?”
“Can you work tickets and communicate clearly?”
If the answer is unclear, SecAI+ does not rescue that. This isn’t me saying SecAI+ is a bad cert; it’s me saying timing matters.
So… who is SecAI+ actually for?
SecAI+ will likely become useful for 3 types of people:
1) Cyber folks who already have the basics
People who already understand core security concepts, and want a forward-looking “AI layer.”
2) GRC / risk / compliance professionals
Because AI governance is becoming real work inside organisations.
3) Security engineers / analysts being pulled into AI projects
Even if the job title is not “AI Security,” the work starts showing up.
What beginners should do first (the “don’t waste time” plan)
If your goal is landing your first cybersecurity role, your best ROI is still:
Build fundamentals (networking + security basics)
Get hands-on (labs, blue-team challenges, small projects)
Build proof (write-ups, portfolio, LinkedIn clarity)
Develop communication (clear explanations, good documentation)
Then, once you’re getting interviews or you’re already in IT/cyber, specialist certs like SecAI+ start making a lot more sense.
A simple beginner filter (steal this)
SecAI+ might be worth considering if:
You already have Security+ level knowledge (or close)
You can explain basic networking and security concepts clearly
You’ve done hands-on labs and can show what you learned
You want to position yourself toward AI risk / governance / security work
SecAI+ is probably not the move yet if:
You are still trying to learn what a SOC actually does day-to-day
You have no portfolio or write-ups
You are not getting interviews because your fundamentals are not clear
This week’s video: SOC Analyst Vs Pentester: Which Cyber Path Should You Choose in 2026?
If you're starting your journey in cyber security, you've likely heard of two key career paths: the SOC analyst and ethical hacking. While these roles might sound similar, they demand distinct cybersecurity skills and mindsets, making the choice crucial for your cyber security career path. This video offers career advice to help you decide between these paths, including penetration testing, ensuring you pick the right direction from the start.
News & Trends (Cyber + Careers) - quick beginner take
Here are a few things worth noticing right now:
It’s becoming less about doing a test once, shipping a PDF, and calling it done. More organisations now care about the full loop:
Finding issues
Prioritising them
Getting fixes shipped
Retesting
Proving impact over time
Beginner takeaway:
If you want to stand out, stop thinking “cyber = pure technical.” Start thinking “cyber = technical + process + proof.” This is why skills like:
Writing clear findings
Creating clean ticket notes
Keeping evidence tidy
Explaining risk and impact simply
…are becoming career accelerators, not admin work.
2) AI security is going mainstream.
You do not need to be an AI engineer to be relevant in this space.
But the reason AI security matters is simple: AI is getting plugged into real business workflows, and that means it touches:
Sensitive data
Internal systems
Third-party tools
Permissions and identity
So the security questions become very practical:
Where does the data go?
Who can access the outputs?
What gets logged (or not logged)?
What happens if a model leaks something, or is manipulated?
Who is accountable when something goes wrong?
Beginner takeaway:
If you can get comfortable with data flows + identity/access + basic risk thinking, you will be ahead of most people who are still only collecting certs and watching tutorials.
3) Hiring is still rewarding proof of work.
This has not changed. A certification shows you can learn. Great. But what gets you shortlisted faster is evidence that you can do the work, even at a beginner level:
A small home lab
A write-up of a SOC-style investigation
A simple Splunk detection exercise
A TryHackMe / CyberDefenders report you can talk through confidently
Beginner takeaway:
You don’t need a massive portfolio. You need 3–5 small pieces of proof that are:
Easy to understand
Clearly written
Genuinely yours
…and that you can explain without reading a script.
4) Communication remains the quiet superpower.
This is the part most people ignore… and recruiters notice. Cybersecurity is a team sport. Even “technical” roles require you to:
write incident notes
brief stakeholders
explain trade-offs
document what happened and what you recommend next
The people who get hired and promoted faster are usually not the loudest. They are the clearest.
Beginner takeaway:
Practise explaining what you did in plain English:
What was the issue?
What did you observe?
What did you try?
What worked?
What would you do next time?
If you can do that, you become easier to trust, easier to work with, and easier to hire.
Challenge of the Week (Cyber, beginner-friendly)
30-minute “Proof of Work” challenge
Do one small thing, and make it visible.
Pick one:
complete a small beginner challenge on TryHackMe / CyberDefenders / HTB Academy, or
write up a simple concept you learned this week (phishing, MFA, least privilege, logs, SIEM basics)
Then publish a short write-up using this structure:
What I did / learned
One thing that confused me
One takeaway I’d share with another beginner
Post it on LinkedIn, or save it as a simple portfolio note you can show in interviews.
This is exactly the kind of thing that separates “interested” from “hireable”.
Sunday video
On Sunday I’ll go deeper on exactly who SecAI+ is for, where it fits in the job market, and my honest recruiter take on whether it’s worth it in 2026.
Have questions about breaking into cybersecurity? Hit reply and let me know what you're struggling with. I read every email.
As always, keep levelling up your career and thanks for reading.
Best wishes
Luke Gough
Career Coach | Recruitment Specialist
P.S. Want a complete job search toolkit in your hands?
The Career Compass Playbook gives you ATS-friendly resume templates, LinkedIn optimisation checklists, interview Q&A worksheets, salary negotiation scripts, a job application tracker, and much more, all for just AU$9.99. Get instant access and take control of your career.



